US20060230447A1 - User interface component identifying authorization check - Google Patents

User interface component identifying authorization check Download PDF

Info

Publication number
US20060230447A1
US20060230447A1 US11/103,716 US10371605A US2006230447A1 US 20060230447 A1 US20060230447 A1 US 20060230447A1 US 10371605 A US10371605 A US 10371605A US 2006230447 A1 US2006230447 A1 US 2006230447A1
Authority
US
United States
Prior art keywords
authorization
user
user interface
interface component
data content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/103,716
Inventor
Cristina Buchholz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SAP SE
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US11/103,716 priority Critical patent/US20060230447A1/en
Assigned to SAP AKTIENGESELLSCHAFT reassignment SAP AKTIENGESELLSCHAFT ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BUCHHOLZ, CRISTINA
Publication of US20060230447A1 publication Critical patent/US20060230447A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the description relates to a user interface component that identifies at least one authorization check required for user access to data content.
  • the working environment of e-business is characterized by open networks and cross-company business transactions, replacing closed and monolithic systems.
  • secure data access is a central aspect of doing business.
  • access to digital information is typically managed using one or more authorizations.
  • access will depend more and more on authorization.
  • ways of rationalizing the authorization process and authorization status will be key.
  • GUI graphical user interface
  • the invention relates to identifying authorization checks for data content.
  • the invention includes a method of providing that an authorization check for data content is identified.
  • the method comprises creating a user interface component to display data content in a graphical user interface, wherein user access to the data content requires at least one authorization check.
  • the method comprises associating the user interface component with the at least one authorization check such that, upon the user interface component being implemented, the at least one authorization check is identified for providing a user with at least one authorization for the at least one authorization check.
  • the user interface component is associated with the at least one authorization check through a link in the user interface component.
  • the user interface component may relate to an aspect of a business process, wherein the at least one authorization is required for the user to perform the aspect of the business process.
  • the user interface component may be included in a work center software module, and assigning the user to the work center software module may trigger identification of the at least one authorization check for providing the user with the at least one authorization. It may be provided that the at least one authorization is stored in association with the work center software module.
  • the aspect may be at most two steps of the business process. The at most two steps may relate to user-initiated generation of a document. The at most two steps may relate to user-initiated verification of a document.
  • the invention includes a method of providing authorization for data content to a user.
  • the method comprises receiving a user interface component to display data content in a graphical user interface, the user interface component having an association with at least one authorization check required for a user to access the data content.
  • the method further comprises providing at least one authorization for the at least one authorization check to the user, the at least one authorization being identified using the association.
  • the association is a link in the user interface component.
  • the user interface component may relate to an aspect of a business process, wherein the at least one authorization is required for the user to perform the aspect of the business process.
  • the user interface component may be included in a work center software module, and assigning the user to the work center software module may trigger identification of the at least one authorization check for providing the user with the at least one authorization.
  • the at least one authorization may be stored in association with the work center software module.
  • the aspect may be at most two steps of the business process. The at most two steps may relate to user-initiated generation of a document. The at most two steps may relate to user-initiated verification of a document.
  • Advantages of the systems and techniques described herein may include any or all of the following: Providing an improved UI component that identifies the authorization checks for the data content of the component; providing a simplified procedure for assigning authorizations to a user; providing an improved structure for managing authorizations; and providing authorizations at an improved granularity level.
  • FIG. 1 shows a block diagram of a computer system using authorizations
  • FIG. 2 shows a block diagram of a work center software module that is associated with authorization checks
  • FIG. 3 shows an exemplary GUI for assigning a user to a work center
  • FIG. 4 shows an example of a work center GUI
  • FIGS. 5 and 6 show embodiments of inventive methods
  • FIG. 7 is a block diagram of a general computer system.
  • FIG. 1 shows an exemplary system 100 that uses authorizations.
  • the system includes several layers, including a UI layer 102 , one or more functional layers 104 , and a database layer 106 .
  • Authorization checks may exist at any or all of the layers.
  • each of the functional layers 104 a , 104 b , . . . , 104 n may include at least one authorization check 108 a , 108 b , . . . , 108 n .
  • Each authorization check may be invoked upon a user seeking access to specific data in the system.
  • different authorization checks may apply to data obtained from respective data sources 110 a and 110 b in the database layer.
  • a report generator 112 may output a report that includes analyzed or otherwise processed data, and access to such a report may require appropriate authorization.
  • the system may include one or more UI components 114 by which a user can view and perhaps edit data content 116 .
  • the data content is part of the report from the report generator 112 .
  • the system requires proper authorization for the user to view or edit the data content.
  • the UI component includes an association 118 with one or more of the authorization checks 108 a , 108 b , . . . , 108 n .
  • the association 118 identifies the authorization check(s) that are required for the data content.
  • the association 118 provides convenient identification of the required authorization checks so that the user can be given the proper authorization(s). That is, the user can be assigned to the UI component as a first step in providing access to data content, and the association 118 can be used in identifying the necessary authorizations.
  • Association 118 may be a link to the proper authorization check.
  • the data access restrictions may be organized according to a division between functional authorizations and instance-based authorizations.
  • a functional authorization may authorize the user to perform certain actions in the system, such as maintaining (creating, reading, updating, deleting) a category of records, or merely reading such records.
  • An instance-based authorization identifies the instance(s) of the record category upon which the user can perform such actions (for example, the user can maintain all records associated with a specific city.)
  • the functional authorization may relate to an aspect of a business process, such as issuing invoices, verifying or approving invoices, or releasing goods.
  • the aspect may be specified at a relatively fine level of granularity to provide flexibility in distributing the authority among users.
  • the authorized aspect may be confined to one or two steps of the business process.
  • FIG. 2 shows an example of a work center software module 200 (“work center”).
  • One or more users may be granted authorization to the work center's data content by associating the user(s) with the work center.
  • the work center can include one or more UI components.
  • the UI component 114 and a second UI component 115 are included in the work center 200 .
  • the second UI component relates to data content 117 and is associated with the required authorization check through an association 119 .
  • the system can determine, using the associations 118 and 119 , that the user needs respective authorizations 210 and 220 .
  • the work center may include an authorization container 230 in which to store the authorizations.
  • the authorizations may be placed in the container before any user is assigned to the work center.
  • the work center with its associated UI component(s) and authorization(s) may be generated before the system is delivered to the customer.
  • FIG. 3 shows an exemplary GUI 300 that can be used to assign a user to one or more work centers.
  • the GUI displays user information 302 .
  • an “Assigned WorkCenters” control 304 particular content is displayed in a work area 306 .
  • a first area 308 identifies one or more work centers that the user can be assigned to.
  • Controls 310 can be used to add or remove a particular work center from an area 312 that lists the work centers to which the user is currently assigned. For example, this user is assigned to three work centers: Purchasing Requests & Orders, Vendor Invoicing and Managing Purchasing.
  • a proposal area 314 can list one or more work centers that the system proposes for this particular user.
  • the user may have been assigned to a specific node or level in an organizational hierarchy of the customer organizations.
  • This node or level may be associated with certain work centers to be proposed for its users.
  • the proposal area 314 lists two proposed work centers.
  • a “WorkCenter Restrictions” control 316 being selected, it is possible to define, also in the work area 306 , the object instances that the user should be able to reach through this work center. Changes made in the GUI are saved using a control 318 .
  • FIG. 4 is an example of a work center 400 that displays data content.
  • the work center includes one or more UI components for presenting data content that is protected by authorization checks.
  • the UI components underlying the work center are associated with the respective authorization checks so that the proper authorizations can be provided to the user.
  • the work center provides the authorized user access to a sales work list 410 and two preview areas: an accounts area 420 and a products area 430 .
  • the areas 420 and 430 may include data generated by the report generator 112 .
  • a navigation area 440 includes available options, such as an Orders control 450 for navigating to an area where the user can perform predefined activities relating to orders. Because the user is assigned to the work center, the user is provided the authorizations for performing the tasks available in the work center.
  • FIG. 5 shows a flow chart of an exemplary method 500 of providing that an authorization check for data content is identified.
  • the method 500 can be performed using a computer program product, that is, by a processor executing instructions stored in a computer readable medium.
  • the method 500 comprises:
  • this step may include creating any of the UI components 114 or 115 , or the UI component for any of the areas 420 or 430 .
  • step 520 Associating, in step 520 , the UI component with the at least one authorization check.
  • the association is made such that, upon the UI component being implemented, the at least one authorization check is identified for providing the user with at least one corresponding authorization.
  • this step may include creating any of the associations 118 or 119 , or the association for the UI component underlying any of the previews 420 or 430 .
  • Creating the UI component (step 510 ) can include associating the UI component with the authorization check (step 520 ).
  • the authorization is stored in association with a work center software module.
  • the work center 400 may be provided with the authorization container 230 for storing the authorizations required for access to the sales work list 410 and areas 420 and 430 , as well as other authorizations.
  • FIG. 6 shows a flow chart of an exemplary method 600 of providing authorization for data content to a user.
  • the method 600 can be performed using a computer program product, that is, by a processor executing instructions stored in a computer readable medium.
  • the method 600 comprises:
  • step 610 an input to assign a user to a work center software module.
  • the system 100 may receive such an input when the user is assigned to a work center in the GUI 300 .
  • the system may propose the work center for the user.
  • a UI component to display data content in a graphical user interface.
  • the user interface component has an association with at least one authorization check required for a user to access the data content.
  • the system 100 receives any of the UI components 114 or 115 , or the UI component underlying any of the areas 420 or 430 , when they are implemented.
  • the UI component may be included in a work center.
  • the at least one authorization is identified using the association.
  • the association 118 may be used in providing the authorization 210 to the user.
  • step 640 storing, in step 640 , the authorization in association with a work center software module.
  • the authorizations 210 and 220 are stored in the authorization container 230 .
  • FIG. 7 is a block diagram of a computer system 700 that can be used in the operations described above, for example in the system 100 .
  • the system 700 includes a processor 710 , a memory 720 , a storage device 730 and an input/output device 740 .
  • Each of the components 710 , 720 , 730 and 740 are interconnected using a system bus 750 .
  • the processor 710 is capable of processing instructions for execution within the system 700 .
  • the processor 710 is a single-threaded processor.
  • the processor 710 is a multi-threaded processor.
  • the processor 710 is capable of processing instructions stored in the memory 720 or on the storage device 730 to display graphical information for a user interface on the input/output device 740 .
  • the memory 720 stores information within the system 700 .
  • the memory 720 is a computer-readable medium.
  • the memory 720 is a volatile memory unit.
  • the memory 720 is a non-volatile memory unit.
  • the storage device 730 is capable of providing mass storage for the system 700 .
  • the storage device 730 is a computer-readable medium.
  • the storage device 730 may be a floppy disk device, a hard disk device, an optical disk device, or a tape device.
  • the input/output device 740 provides input/output operations for the system 700 .
  • the input/output device 740 includes a keyboard and/or pointing device.
  • the input/output device 740 includes a display unit for displaying graphical user interfaces.
  • the input/output device can generate any or all GUIs described herein.
  • the invention can be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them.
  • Apparatus of the invention can be implemented in a computer program product tangibly embodied in an information carrier, e.g., in a machine-readable storage device or in a propagated signal, for execution by a programmable processor; and method steps of the invention can be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on input data and generating output.
  • the invention can be implemented advantageously in one or more computer programs that are executable on a programmable system including at least one programmable processor coupled to receive data and instructions from, and to transmit data and instructions to, a data storage system, at least one input device, and at least one output device.
  • a computer program is a set of instructions that can be used, directly or indirectly, in a computer to perform a certain activity or bring about a certain result.
  • a computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
  • Suitable processors for the execution of a program of instructions include, by way of example, both general and special purpose microprocessors, and the sole processor or one of multiple processors of any kind of computer.
  • a processor will receive instructions and data from a read-only memory or a random access memory or both.
  • the essential elements of a computer are a processor for executing instructions and one or more memories for storing instructions and data.
  • a computer will also include, or be operatively coupled to communicate with, one or more mass storage devices for storing data files; such devices include magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; and optical disks.
  • Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks.
  • semiconductor memory devices such as EPROM, EEPROM, and flash memory devices
  • magnetic disks such as internal hard disks and removable disks
  • magneto-optical disks and CD-ROM and DVD-ROM disks.
  • the processor and the memory can be supplemented by, or incorporated in, ASICs (application-specific integrated circuits).
  • ASICs application-specific integrated circuits
  • the invention can be implemented on a computer having a display device such as a CRT (cathode ray tube) or LCD (liquid crystal display) monitor for displaying information to the user and a keyboard and a pointing device such as a mouse or a trackball by which the user can provide input to the computer.
  • a display device such as a CRT (cathode ray tube) or LCD (liquid crystal display) monitor for displaying information to the user and a keyboard and a pointing device such as a mouse or a trackball by which the user can provide input to the computer.
  • the invention can be implemented in a computer system that includes a back-end component, such as a data server, or that includes a middleware component, such as an application server or an Internet server, or that includes a front-end component, such as a client computer having a graphical user interface or an Internet browser, or any combination of them.
  • a back-end component such as a data server
  • a middleware component such as an application server or an Internet server
  • a front-end component such as a client computer having a graphical user interface or an Internet browser, or any combination of them.
  • the components of the system can be connected by any form or medium of digital data communication such as a communication network. Examples of communication networks include, e.g., a LAN, a WAN, and the computers and networks forming the Internet.
  • the computer system can include clients and servers.
  • a client and server are generally remote from each other and typically interact through a network, such as the described one.
  • the relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

Abstract

Providing identification of an authorization check includes creating a UI component to display data content in a GUI, wherein user access to the data content requires at least one authorization check. The method includes associating the UI component with the at least one authorization check such that, upon the UI component being implemented, the at least one authorization check is identified for providing a user with at least one authorization for the at least one authorization check. Providing authorization to a user includes receiving a UI component to display data content in a GUI, the UI component having an association with at least one authorization check required for a user to access the data content. The method includes providing at least one authorization for the at least one authorization check to the user, the at least one authorization being identified using the association.

Description

    TECHNICAL FIELD
  • The description relates to a user interface component that identifies at least one authorization check required for user access to data content.
    • BACKGROUND
  • The working environment of e-business is characterized by open networks and cross-company business transactions, replacing closed and monolithic systems. In this environment, secure data access is a central aspect of doing business. As a result, access to digital information is typically managed using one or more authorizations. Also, in the world of Web services, access will depend more and more on authorization. In this environment, ways of rationalizing the authorization process and authorization status will be key.
  • One area of some difficulty in existing systems is the process of identifying the authorization checks that apply to a user's access to particular data. Part of the reason is that authorization checks can be distributed in any of several system layers. Locating such checks individually and obtaining the necessary authorizations can be a work intensive process. Also, there is not a distinct connection between, on one hand, the components in a graphical user interface (GUI) layer and, on the other the authorizations required for accessing the corresponding data content.
  • Existing approaches in this area include role-based authorization systems where each user is assigned one or more roles that determine what authorizations the user should have. A role typically covers all activities that a user can perform using a specific application. In other words, the level of granularity in assigning authority using roles is low. There are systems that include roles upon delivery; that is, where pre-delivery roles are defined before the customer initiates the system. Such roles may not be useful to many customers, because they grant a relatively far-reaching authority that is not applicable to the customer's business. Moreover, modifying the role may be difficult and may to some extend eliminate the intended advantage of the pre-delivery role. Accordingly, some experience indicates that customers disfavor pre-delivery roles.
    • SUMMARY
  • The invention relates to identifying authorization checks for data content.
  • In a first general aspect, the invention includes a method of providing that an authorization check for data content is identified. The method comprises creating a user interface component to display data content in a graphical user interface, wherein user access to the data content requires at least one authorization check. The method comprises associating the user interface component with the at least one authorization check such that, upon the user interface component being implemented, the at least one authorization check is identified for providing a user with at least one authorization for the at least one authorization check.
  • In selected embodiments, the user interface component is associated with the at least one authorization check through a link in the user interface component. The user interface component may relate to an aspect of a business process, wherein the at least one authorization is required for the user to perform the aspect of the business process. The user interface component may be included in a work center software module, and assigning the user to the work center software module may trigger identification of the at least one authorization check for providing the user with the at least one authorization. It may be provided that the at least one authorization is stored in association with the work center software module. The aspect may be at most two steps of the business process. The at most two steps may relate to user-initiated generation of a document. The at most two steps may relate to user-initiated verification of a document.
  • In a second general aspect, the invention includes a method of providing authorization for data content to a user. The method comprises receiving a user interface component to display data content in a graphical user interface, the user interface component having an association with at least one authorization check required for a user to access the data content. The method further comprises providing at least one authorization for the at least one authorization check to the user, the at least one authorization being identified using the association.
  • In selected embodiments, the association is a link in the user interface component. The user interface component may relate to an aspect of a business process, wherein the at least one authorization is required for the user to perform the aspect of the business process. The user interface component may be included in a work center software module, and assigning the user to the work center software module may trigger identification of the at least one authorization check for providing the user with the at least one authorization. The at least one authorization may be stored in association with the work center software module. The aspect may be at most two steps of the business process. The at most two steps may relate to user-initiated generation of a document. The at most two steps may relate to user-initiated verification of a document.
  • Advantages of the systems and techniques described herein may include any or all of the following: Providing an improved UI component that identifies the authorization checks for the data content of the component; providing a simplified procedure for assigning authorizations to a user; providing an improved structure for managing authorizations; and providing authorizations at an improved granularity level.
  • The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows a block diagram of a computer system using authorizations;
  • FIG. 2 shows a block diagram of a work center software module that is associated with authorization checks;
  • FIG. 3 shows an exemplary GUI for assigning a user to a work center;
  • FIG. 4 shows an example of a work center GUI;
  • FIGS. 5 and 6 show embodiments of inventive methods; and
  • FIG. 7 is a block diagram of a general computer system.
  • Like reference numerals in the various drawings indicate like elements.
    • DETAILED DESCRIPTION
  • FIG. 1 shows an exemplary system 100 that uses authorizations. The system includes several layers, including a UI layer 102, one or more functional layers 104, and a database layer 106. Authorization checks may exist at any or all of the layers. Particularly, each of the functional layers 104 a, 104 b, . . . , 104 n may include at least one authorization check 108 a, 108 b, . . . , 108 n. Each authorization check may be invoked upon a user seeking access to specific data in the system. For example, different authorization checks may apply to data obtained from respective data sources 110 a and 110 b in the database layer. As another example, a report generator 112 may output a report that includes analyzed or otherwise processed data, and access to such a report may require appropriate authorization.
  • The system may include one or more UI components 114 by which a user can view and perhaps edit data content 116. As an example, the data content is part of the report from the report generator 112. The system requires proper authorization for the user to view or edit the data content. The UI component includes an association 118 with one or more of the authorization checks 108 a, 108 b, . . . , 108 n. The association 118 identifies the authorization check(s) that are required for the data content. Upon implementing the UI component 114, the association 118 provides convenient identification of the required authorization checks so that the user can be given the proper authorization(s). That is, the user can be assigned to the UI component as a first step in providing access to data content, and the association 118 can be used in identifying the necessary authorizations. Association 118 may be a link to the proper authorization check.
  • The data access restrictions may be organized according to a division between functional authorizations and instance-based authorizations. A functional authorization may authorize the user to perform certain actions in the system, such as maintaining (creating, reading, updating, deleting) a category of records, or merely reading such records. An instance-based authorization, in contrast, identifies the instance(s) of the record category upon which the user can perform such actions (for example, the user can maintain all records associated with a specific city.) Moreover, the functional authorization may relate to an aspect of a business process, such as issuing invoices, verifying or approving invoices, or releasing goods. Thus, the aspect may be specified at a relatively fine level of granularity to provide flexibility in distributing the authority among users. For example, the authorized aspect may be confined to one or two steps of the business process.
  • Authorizations may be automatically identified and provided upon a user being assigned to a software module for the corresponding data content. FIG. 2 shows an example of a work center software module 200 (“work center”). One or more users may be granted authorization to the work center's data content by associating the user(s) with the work center. The work center can include one or more UI components. Here, the UI component 114 and a second UI component 115 are included in the work center 200. The second UI component relates to data content 117 and is associated with the required authorization check through an association 119. Upon the user being assigned to the work center, the system can determine, using the associations 118 and 119, that the user needs respective authorizations 210 and 220. Due to the associations included in the UI components, the authorization checks are identified no matter how “deep” the authorization checks lie in the layer structure of the system 10. The work center may include an authorization container 230 in which to store the authorizations. The authorizations may be placed in the container before any user is assigned to the work center. For example, the work center with its associated UI component(s) and authorization(s) may be generated before the system is delivered to the customer.
  • FIG. 3 shows an exemplary GUI 300 that can be used to assign a user to one or more work centers. The GUI displays user information 302. Upon selection of an “Assigned WorkCenters” control 304, particular content is displayed in a work area 306. A first area 308 identifies one or more work centers that the user can be assigned to. Controls 310 can be used to add or remove a particular work center from an area 312 that lists the work centers to which the user is currently assigned. For example, this user is assigned to three work centers: Purchasing Requests & Orders, Vendor Invoicing and Managing Purchasing. Also, a proposal area 314 can list one or more work centers that the system proposes for this particular user. For example, the user may have been assigned to a specific node or level in an organizational hierarchy of the customer organizations. This node or level, in turn, may be associated with certain work centers to be proposed for its users. Here, the proposal area 314 lists two proposed work centers. Upon a “WorkCenter Restrictions” control 316 being selected, it is possible to define, also in the work area 306, the object instances that the user should be able to reach through this work center. Changes made in the GUI are saved using a control 318.
  • FIG. 4 is an example of a work center 400 that displays data content. The work center includes one or more UI components for presenting data content that is protected by authorization checks. The UI components underlying the work center are associated with the respective authorization checks so that the proper authorizations can be provided to the user. Here, the work center provides the authorized user access to a sales work list 410 and two preview areas: an accounts area 420 and a products area 430. For example, the areas 420 and 430 may include data generated by the report generator 112. A navigation area 440 includes available options, such as an Orders control 450 for navigating to an area where the user can perform predefined activities relating to orders. Because the user is assigned to the work center, the user is provided the authorizations for performing the tasks available in the work center.
  • FIG. 5 shows a flow chart of an exemplary method 500 of providing that an authorization check for data content is identified. The method 500 can be performed using a computer program product, that is, by a processor executing instructions stored in a computer readable medium. The method 500 comprises:
  • Creating, in step 510, a UI component to display data content in a GUI. At least one authorization check must be performed for user access to the data content. For example, this step may include creating any of the UI components 114 or 115, or the UI component for any of the areas 420 or 430.
  • Associating, in step 520, the UI component with the at least one authorization check. The association is made such that, upon the UI component being implemented, the at least one authorization check is identified for providing the user with at least one corresponding authorization. For example, this step may include creating any of the associations 118 or 119, or the association for the UI component underlying any of the previews 420 or 430. Creating the UI component (step 510) can include associating the UI component with the authorization check (step 520).
  • Optionally providing, in step 530, that the authorization is stored in association with a work center software module. For example, the work center 400 may be provided with the authorization container 230 for storing the authorizations required for access to the sales work list 410 and areas 420 and 430, as well as other authorizations.
  • FIG. 6 shows a flow chart of an exemplary method 600 of providing authorization for data content to a user. The method 600 can be performed using a computer program product, that is, by a processor executing instructions stored in a computer readable medium. The method 600 comprises:
  • Optionally receiving, in step 610, an input to assign a user to a work center software module. For example, the system 100 may receive such an input when the user is assigned to a work center in the GUI 300. The system may propose the work center for the user.
  • Receiving, in step 620, a UI component to display data content in a graphical user interface. The user interface component has an association with at least one authorization check required for a user to access the data content. For example, the system 100 receives any of the UI components 114 or 115, or the UI component underlying any of the areas 420 or 430, when they are implemented. The UI component may be included in a work center.
  • Providing, in step 630, at least one authorization for the at least one authorization check to the user. The at least one authorization is identified using the association. For example, the association 118 may be used in providing the authorization 210 to the user.
  • Optionally storing, in step 640, the authorization in association with a work center software module. For example, the authorizations 210 and 220 are stored in the authorization container 230.
  • FIG. 7 is a block diagram of a computer system 700 that can be used in the operations described above, for example in the system 100. The system 700 includes a processor 710, a memory 720, a storage device 730 and an input/output device 740. Each of the components 710, 720, 730 and 740 are interconnected using a system bus 750. The processor 710 is capable of processing instructions for execution within the system 700. In one embodiment, the processor 710 is a single-threaded processor. In another embodiment, the processor 710 is a multi-threaded processor. The processor 710 is capable of processing instructions stored in the memory 720 or on the storage device 730 to display graphical information for a user interface on the input/output device 740.
  • The memory 720 stores information within the system 700. In one embodiment, the memory 720 is a computer-readable medium. In one embodiment, the memory 720 is a volatile memory unit. In another embodiment, the memory 720 is a non-volatile memory unit.
  • The storage device 730 is capable of providing mass storage for the system 700. In one embodiment, the storage device 730 is a computer-readable medium. In various different embodiments, the storage device 730 may be a floppy disk device, a hard disk device, an optical disk device, or a tape device.
  • The input/output device 740 provides input/output operations for the system 700. In one embodiment, the input/output device 740 includes a keyboard and/or pointing device. In one embodiment, the input/output device 740 includes a display unit for displaying graphical user interfaces. For example, the input/output device can generate any or all GUIs described herein.
  • The invention can be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Apparatus of the invention can be implemented in a computer program product tangibly embodied in an information carrier, e.g., in a machine-readable storage device or in a propagated signal, for execution by a programmable processor; and method steps of the invention can be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on input data and generating output. The invention can be implemented advantageously in one or more computer programs that are executable on a programmable system including at least one programmable processor coupled to receive data and instructions from, and to transmit data and instructions to, a data storage system, at least one input device, and at least one output device. A computer program is a set of instructions that can be used, directly or indirectly, in a computer to perform a certain activity or bring about a certain result. A computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
  • Suitable processors for the execution of a program of instructions include, by way of example, both general and special purpose microprocessors, and the sole processor or one of multiple processors of any kind of computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memories for storing instructions and data. Generally, a computer will also include, or be operatively coupled to communicate with, one or more mass storage devices for storing data files; such devices include magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; and optical disks. Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, ASICs (application-specific integrated circuits).
  • To provide for interaction with a user, the invention can be implemented on a computer having a display device such as a CRT (cathode ray tube) or LCD (liquid crystal display) monitor for displaying information to the user and a keyboard and a pointing device such as a mouse or a trackball by which the user can provide input to the computer.
  • The invention can be implemented in a computer system that includes a back-end component, such as a data server, or that includes a middleware component, such as an application server or an Internet server, or that includes a front-end component, such as a client computer having a graphical user interface or an Internet browser, or any combination of them. The components of the system can be connected by any form or medium of digital data communication such as a communication network. Examples of communication networks include, e.g., a LAN, a WAN, and the computers and networks forming the Internet.
  • The computer system can include clients and servers. A client and server are generally remote from each other and typically interact through a network, such as the described one. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
  • A number of embodiments of the invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.

Claims (18)

1. A method of providing that an authorization check for data content is identified, the method comprising:
creating a user interface component to display data content in a graphical user interface, wherein user access to the data content requires at least one authorization check; and
associating the user interface component with the at least one authorization check such that, upon the user interface component being implemented, the at least one authorization check is identified for providing a user with at least one authorization for the at least one authorization check.
2. The method of claim 1, wherein the user interface component is associated with the at least one authorization check through a link in the user interface component.
3. The method of claim 1, wherein the user interface component relates to an aspect of a business process, wherein the at least one authorization is required for the user to perform the aspect of the business process.
4. The method of claim 3, wherein the user interface component is included in a work center software module, and wherein assigning the user to the work center software module triggers identification of the at least one authorization check for providing the user with the at least one authorization.
5. The method of claim 4, further comprising providing that the at least one authorization is stored in association with the work center software module.
6. The method of claim 3, wherein the aspect is at most two steps of the business process.
7. The method of claim 6, wherein the at most two steps relate to user-initiated generation of a document.
8. The method of claim 6, wherein the at most two steps relate to user-initiated verification of a document.
9. A computer program product tangibly embodied in an information carrier, the computer program product including instructions that, when executed, cause a processor to perform operations comprising:
creating a user interface component to display data content in a graphical user interface, wherein user access to the data content requires at least one authorization check; and
associating the user interface component with the at least one authorization check such that, upon the user interface component being implemented, the at least one authorization check is identified for providing a user with at least one authorization for the at least one authorization check.
10. A method of providing authorization for data content to a user, the method comprising:
receiving a user interface component to display data content in a graphical user interface, the user interface component having an association with at least one authorization check required for a user to access the data content; and
providing at least one authorization for the at least one authorization check to the user, the at least one authorization being identified using the association.
11. The method of claim 10, wherein the association is a link in the user interface component.
12. The method of claim 10, wherein the user interface component relates to an aspect of a business process, wherein the at least one authorization is required for the user to perform the aspect of the business process.
13. The method of claim 12, wherein the user interface component is included in a work center software module, and wherein assigning the user to the work center software module triggers identification of the at least one authorization check for providing the user with the at least one authorization.
14. The method of claim 13, further comprising storing the at least one authorization in association with the work center software module.
15. The method of claim 12, wherein the aspect is at most two steps of the business process.
16. The method of claim 15, wherein the at most two steps relate to user-initiated generation of a document.
17. The method of claim 15, wherein the at most two steps relate to user-initiated verification of a document.
18. A computer program product tangibly embodied in an information carrier, the computer program product including instructions that, when executed, cause a processor to perform operations comprising:
receiving a user interface component to display data content in a graphical user interface, the user interface component having an association with at least one authorization check required for a user to access the data content; and
providing at least one authorization for the at least one authorization check to the user, the at least one authorization being identified using the association.
US11/103,716 2005-04-12 2005-04-12 User interface component identifying authorization check Abandoned US20060230447A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/103,716 US20060230447A1 (en) 2005-04-12 2005-04-12 User interface component identifying authorization check

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/103,716 US20060230447A1 (en) 2005-04-12 2005-04-12 User interface component identifying authorization check

Publications (1)

Publication Number Publication Date
US20060230447A1 true US20060230447A1 (en) 2006-10-12

Family

ID=37084553

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/103,716 Abandoned US20060230447A1 (en) 2005-04-12 2005-04-12 User interface component identifying authorization check

Country Status (1)

Country Link
US (1) US20060230447A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130085702A1 (en) * 2011-09-30 2013-04-04 Bradley BURTON Medical linear accelerator signal analyzer and display device
WO2022226545A1 (en) * 2021-04-23 2022-10-27 Videoamp, Inc. Electronic multi-tenant data management systems and clean rooms

Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020035497A1 (en) * 2000-06-09 2002-03-21 Jeff Mazereeuw System and method for utility enterprise management
US20020057298A1 (en) * 1998-12-30 2002-05-16 Jack Wassom Customized user interface
US20020083057A1 (en) * 2000-12-27 2002-06-27 Zulpa Paul A. Method and system for facilitating production changes in an extended enterprise environment
US20020149793A1 (en) * 2001-04-13 2002-10-17 The Code Corporation System and method for associating pre-printed machine-readable graphical codes with electronically-accessible data
US20030061404A1 (en) * 2001-09-21 2003-03-27 Corel Corporation Web services gateway
US20030084046A1 (en) * 2001-10-25 2003-05-01 Abm Systems Ltd. Versatile database interface system
US6587853B1 (en) * 1999-05-19 2003-07-01 Plum Software Associates, Inc. System that employs inferencing for troubleshooting complex user authentication problems
US20030135378A1 (en) * 2002-01-11 2003-07-17 Seh America, Inc. Method and system for reporting, assigning, and tracking facilities incident reports
US20030154406A1 (en) * 2002-02-14 2003-08-14 American Management Systems, Inc. User authentication system and methods thereof
US20040177073A1 (en) * 2003-01-17 2004-09-09 Harry Snyder Executable application access management system
US6870529B1 (en) * 2002-03-28 2005-03-22 Ncr Corporation System and method for adjusting display brightness levels according to user preferences
US20050198173A1 (en) * 2004-01-02 2005-09-08 Evans Alexander W. System and method for controlling receipt of electronic messages
US20050198534A1 (en) * 2004-02-27 2005-09-08 Matta Johnny M. Trust inheritance in network authentication
US20050268107A1 (en) * 2003-05-09 2005-12-01 Harris William H System and method for authenticating users using two or more factors
US20060047556A1 (en) * 2004-08-31 2006-03-02 Lang Torsten I Method and system for staffing
US20060050688A1 (en) * 2004-09-03 2006-03-09 Zoom Telephonics, Inc. Method and apparatus for user authentication
US20060074740A1 (en) * 2004-10-05 2006-04-06 Api Software, Inc. Medical facility employee scheduling method using patient acuity information
US20060184401A1 (en) * 2005-02-15 2006-08-17 International Business Machines Corporation System and method for resource and cost planning of an IT migration
US20060224477A1 (en) * 2005-03-10 2006-10-05 Api Software, Inc. Automated auction method for staffing work shifts
US7240360B1 (en) * 2001-01-08 2007-07-03 Microsoft Corporation System and method for controlling access to user interface elements
US20070219842A1 (en) * 2001-03-16 2007-09-20 Siebel Systems, Inc. System and method for assigning and scheduling activities
US7318048B1 (en) * 1999-09-07 2008-01-08 Rysix Holdings Llc Method of and system for authorizing purchases made over a computer network
US20080098085A1 (en) * 2006-10-20 2008-04-24 Sap Ag Service enabled tagged user interfaces
US20080230616A1 (en) * 2003-02-18 2008-09-25 Serverside Group Limited Computerized Card Production Equipment

Patent Citations (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020057298A1 (en) * 1998-12-30 2002-05-16 Jack Wassom Customized user interface
US6587853B1 (en) * 1999-05-19 2003-07-01 Plum Software Associates, Inc. System that employs inferencing for troubleshooting complex user authentication problems
US7318048B1 (en) * 1999-09-07 2008-01-08 Rysix Holdings Llc Method of and system for authorizing purchases made over a computer network
US20020035497A1 (en) * 2000-06-09 2002-03-21 Jeff Mazereeuw System and method for utility enterprise management
US6721746B2 (en) * 2000-12-27 2004-04-13 International Business Machines Corporation Method and system for facilitating production changes in an extended enterprise environment
US20020083057A1 (en) * 2000-12-27 2002-06-27 Zulpa Paul A. Method and system for facilitating production changes in an extended enterprise environment
US7240360B1 (en) * 2001-01-08 2007-07-03 Microsoft Corporation System and method for controlling access to user interface elements
US20070219842A1 (en) * 2001-03-16 2007-09-20 Siebel Systems, Inc. System and method for assigning and scheduling activities
US20020149793A1 (en) * 2001-04-13 2002-10-17 The Code Corporation System and method for associating pre-printed machine-readable graphical codes with electronically-accessible data
US7185824B2 (en) * 2001-04-13 2007-03-06 The Code Corporation System and method for associating pre-printed machine-readable graphical codes with electronically-accessible data
US20030061404A1 (en) * 2001-09-21 2003-03-27 Corel Corporation Web services gateway
US20030084046A1 (en) * 2001-10-25 2003-05-01 Abm Systems Ltd. Versatile database interface system
US20030135378A1 (en) * 2002-01-11 2003-07-17 Seh America, Inc. Method and system for reporting, assigning, and tracking facilities incident reports
US7231657B2 (en) * 2002-02-14 2007-06-12 American Management Systems, Inc. User authentication system and methods thereof
US20030154406A1 (en) * 2002-02-14 2003-08-14 American Management Systems, Inc. User authentication system and methods thereof
US6870529B1 (en) * 2002-03-28 2005-03-22 Ncr Corporation System and method for adjusting display brightness levels according to user preferences
US20040177073A1 (en) * 2003-01-17 2004-09-09 Harry Snyder Executable application access management system
US20080230616A1 (en) * 2003-02-18 2008-09-25 Serverside Group Limited Computerized Card Production Equipment
US20050268107A1 (en) * 2003-05-09 2005-12-01 Harris William H System and method for authenticating users using two or more factors
US20050198173A1 (en) * 2004-01-02 2005-09-08 Evans Alexander W. System and method for controlling receipt of electronic messages
US20050198534A1 (en) * 2004-02-27 2005-09-08 Matta Johnny M. Trust inheritance in network authentication
US20060047556A1 (en) * 2004-08-31 2006-03-02 Lang Torsten I Method and system for staffing
US20060050688A1 (en) * 2004-09-03 2006-03-09 Zoom Telephonics, Inc. Method and apparatus for user authentication
US20060074740A1 (en) * 2004-10-05 2006-04-06 Api Software, Inc. Medical facility employee scheduling method using patient acuity information
US20060184401A1 (en) * 2005-02-15 2006-08-17 International Business Machines Corporation System and method for resource and cost planning of an IT migration
US20060224477A1 (en) * 2005-03-10 2006-10-05 Api Software, Inc. Automated auction method for staffing work shifts
US20080046305A1 (en) * 2005-03-10 2008-02-21 Luis Garcia Automated auction method for staffing work shifts
US20080098085A1 (en) * 2006-10-20 2008-04-24 Sap Ag Service enabled tagged user interfaces

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130085702A1 (en) * 2011-09-30 2013-04-04 Bradley BURTON Medical linear accelerator signal analyzer and display device
US9872376B2 (en) * 2011-09-30 2018-01-16 Varian Medical Systems, Inc. Medical linear accelerator signal analyzer and display device
WO2022226545A1 (en) * 2021-04-23 2022-10-27 Videoamp, Inc. Electronic multi-tenant data management systems and clean rooms
GB2620702A (en) * 2021-04-23 2024-01-17 Videoamp Inc Electronic multi-tenant data management systems and clean rooms

Similar Documents

Publication Publication Date Title
US8132231B2 (en) Managing user access entitlements to information technology resources
US8893297B2 (en) Personal data management system with sharing revocation
US7853607B2 (en) Related actions server
US9652788B2 (en) Method and apparatus for logging privilege use in a distributed computing environment
US7653688B2 (en) Role-based portal to a workplace system
US9092796B2 (en) Personal data management system with global data store
US7756820B2 (en) Activity browser
US7904885B2 (en) Change management for structure objects
US8316420B2 (en) Access control on dynamically instantiated portal applications
US20080016580A1 (en) Role-based access in a multi-customer computing environment
US20070033196A1 (en) Service directory
US20100043051A1 (en) Identifying and resolving separation of duties conflicts in a multi-application environment
US7703033B2 (en) Access administration using activatable rules
KR102213465B1 (en) Apparatus and method for managing information security
US9842221B2 (en) Role analyzer and optimizer in database systems
US20090043596A1 (en) Systems and methods for consolidated entitlement management
US20070100685A1 (en) Portfolio infrastructure management method and system
US20080312938A1 (en) Ticket Management System
US20180349269A1 (en) Event triggered data retention
US8386779B2 (en) Role navigation designer and verifier
Liu et al. Role-based authorizations for workflow systems in support of task-based separation of duty
US20070265779A1 (en) Estimating development of new user interface
US20120117656A1 (en) Security Validation of Business Processes
US20060230447A1 (en) User interface component identifying authorization check
US20100333106A1 (en) Reorganization process manager

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAP AKTIENGESELLSCHAFT, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BUCHHOLZ, CRISTINA;REEL/FRAME:016326/0189

Effective date: 20050412

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION